[Dshield] Mail bombing by MyDoom, bouncing of infected emails, and a few other random thoughts

JD lists at webcrunchers.com
Sun Feb 1 15:03:56 GMT 2004


On Jan 29, 2004, at 8:53 AM, Jon R. Kibler wrote:

> Greetings:
>
> Wow! MyDoom has created a real mess... not so much the virus itself, 
> but the volume of email it is generating. In a normal day, we handle 
> 5K to 25K mail server connections per day (about 0.3 connections/sec) 
> per MTA. Most of this week, it has been 20K to 50K connections per day 
> per MTA.
>
> The higher average connection rate is really not a problem in and of 
> itself -- the problem is that connections have been arriving in large 
> bursts -- as high as 100 new connections per second. At that point, 
> sendmail starts to have problems keeping up.
>
> Anyway, two real reasons for writing about MyDoom mail bombing:
>   1) Question: Has anyone else seen similar behavior -- meaning large 
> connection bursts?
>   2) Pass on some advice on how you can protect yourself from such 
> high connection rates.

Yea - my winpy old EIMS mail server is constantly running out of 
memeory.  it's on an old
Mac os-9  (Yea I know - I should upgrade to Os-X,  but financial 
difficulties prevent that).

John




More information about the list mailing list